The 50-per­son aero­space en­gi­neer­ing firm was com­pro­mised in July last year but the na­tional cy­ber se­cu­rity agency, the Aus­tralian Sig­nals Direc­torate (ASD), only be­came aware of the breach in Novem­ber, tech­nol­ogy web­site ZDNet Aus­tralia re­ported.

Clarke, who worked on the case and did not name the sub­con­trac­tor, said in­for­ma­tion about the F-35, the US’ lat­est gen­er­a­tion of fighter jets, as well as the P8, an ad­vanced sub­ma­rine hunter and sur­veil­lance craft, were lifted. Another doc­u­ment was a wire­frame di­a­gram of one of the Aus­tralian navy’s new ships, where a viewer could “zoom in down to the cap­tain’s chair”. The hack­ers used a tool called “China Chop­per”, and gained ac­cess via an in­ter­net-fac­ing server.

In other parts of the net­work, the sub­con­trac­tor also used in­ter­net-fac­ing ser­vices that still had their de­fault pass­words “ad­min” and “guest”.